summary refs log tree commit diff
path: root/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/libraries/kpmcore/nixostrustedprefix.patch')
-rw-r--r--pkgs/development/libraries/kpmcore/nixostrustedprefix.patch13
1 files changed, 13 insertions, 0 deletions
diff --git a/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch b/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch
new file mode 100644
index 00000000000..cb1eb68364d
--- /dev/null
+++ b/pkgs/development/libraries/kpmcore/nixostrustedprefix.patch
@@ -0,0 +1,13 @@
+diff --git a/src/util/externalcommandhelper.cpp b/src/util/externalcommandhelper.cpp
+index a879c8d..3d7863b 100644
+--- a/src/util/externalcommandhelper.cpp
++++ b/src/util/externalcommandhelper.cpp
+@@ -387,7 +387,7 @@ QVariantMap ExternalCommandHelper::RunCommand(const QString& command, const QStr
+     if (dirname == QStringLiteral("bin") || dirname == QStringLiteral("sbin")) {
+         prefix.cdUp();
+     }
+-    if (trustedPrefixes.find(prefix.path()) == trustedPrefixes.end()) { // TODO: C++20: replace with contains
++    if (!prefix.path().startsWith(QStringLiteral("/nix/store")) && !prefix.path().startsWith(QStringLiteral("/run/current-system/sw"))) { // TODO: C++20: replace with contains
+         qInfo() << prefix.path() << "prefix is not one of the trusted command prefixes";
+         reply[QStringLiteral("success")] = false;
+         return reply;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-30 19:39:15 +0000